Sophos Anti-Virus for Windows 2000+: removing W32/Confick and Mal/Conficker

After downloading the "Sophos Anti-Virus for Windows 2000+: removing W32/Confick and Mal/Conficker with Sophos Anti-Virus", this is the message that I'm getting... any ideas of what is wrong?

Log file path: C:\WINDOWS\TEMP\Sophos_MalConficker-A.log

Could not open C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat
Could not open C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG
Could not open C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat

We are having this Conficker-A and Conficker-D really bad at school... and it's getting on flash drives that I bring back and forth... Webroot is not cleaning...

HELP


This thread was automatically locked due to age.
  • Hello onika411 (quite a name),

    the messages are for files which are opened with exclusive lock. You probably see some more of them (performance data, other UsrClass hives, tmp data). If you're not sure whether the entries you see are "normal", contact support. Have the log ready, but don't believe the Log file path message - the log is in your Local Settings\Temp directory.

    You have probably read the knowledgebase articles: follow all the instructions - it is necessary to unplug the computers or quarantine the network even if this means disrupting your normal operation. Otherwise it can take eons to get rid of it (and only if you have sufficient protection on the clean and cleaned computers). But if you do it right and determinedly it doesn't take that long and you'll soon make up for the outage.  

    Christian
